hacker of things

Becoming a Certified Ethical Hacker

Lately I have been having thoughts of studying for my first infosec industry certification. Being that it is now July 2015 and we are in the middle of the security “conference season”, I find that I am missing a few acronyms on my business card when I attempt to network with others in the field. With so many people I meet possessing recognizable and respected certifications such as CISSP, Security+, CASP, or CEH… it is tough to stand out on paper among the hordes of “industry certified” security professionals.

Certifications are sort of like profiling, without one you seem entry-level, someone who is just getting their feet wet. Of course any good manager would know that that is simply not true. If one does not have a certification, it does not mean they do not possess the skills needed to be successful. And similarly just because someone has completed a certification does not mean they have the expertise needed to perform well at a high paying job. I graduated with a Bachelor Degree in Information Security back in April 2014, and landed a nice career in infosec soon after. With the on-the-job knowledge I accrue on a daily basis, I do not believe any certification can truly match up with this type of “real world” experience. Yet still I have some void within me. A continuous whisper in my mind telling me to stop putting this on the back burner and get going on furthering my education. If an acronym is what is needed to prequalify for respect and trust because people simply do not have the time to test what they are looking for, then so be it! I choose CEH.

EC Council Certified Ethical Hacker (CEH)

I decided to pursue a CEH because I feel it aligns most with my current knowledge and training, while still providing enough value and content to make me a better security professional. The exam itself is:

125 questions

70% passing score

Multiple choice

The current version of the exam is 312-50 which will cover 19 domains:

Introduction to Ethical Hacking

Footprinting and Reconnaissance

Scanning Networks

Enumeration

System Hacking

Trojans and Backdoors

Viruses and Worms

Sniffers

Social Engineering

Denial of Service

Session Hijacking

Hacking Webservers

Hacking Web Applications

SQL Injection

Hacking Wireless Networks

Evading IDS, Firewalls, and Honeypots

Buffer Overflow

Cryptography

Penetration Testing

My plan will be to cover one domain/week and provide useful examples on the material in the form of a blog post every week. This will help me retain all the information I am learning, and also serve as a knowledge base for my studying.

I hope you will enjoy the new content on my blog, and at this rate I should be certified sometime in November. Wish me luck!!!!